rule Windows_Trojan_Farfli_85d1bcc9 {
    meta:
        author = "Elastic Security"
        id = "85d1bcc9-c3c7-454c-a77f-0e0de933c4c3"
        fingerprint = "56a5e4955556d08b80849ea5775f35f5a32999d6b5df92357ab142a4faa74ac3"
        creation_date = "2022-02-17"
        last_modified = "2022-04-12"
        threat_name = "Windows.Trojan.Farfli"
        reference_sample = "e3e9ea1b547cc235e6f1a78b4ca620c69a54209f84c7de9af17eb5b02e9b58c3"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "windows"
    strings:
        $a = { AB 66 AB C6 45 D4 25 C6 45 D5 73 C6 45 D6 5C C6 45 D7 25 C6 45 }
    condition:
        all of them
}

